{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-25T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-17T22:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "92489", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92489"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.phpmyadmin.net/security/PMASA-2016-47"}, {"name": "GLSA-201701-32", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-32"}, {"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1821-1] phpmyadmin security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6624", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "92489", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92489"}, {"name": "https://www.phpmyadmin.net/security/PMASA-2016-47", "refsource": "CONFIRM", "url": "https://www.phpmyadmin.net/security/PMASA-2016-47"}, {"name": "GLSA-201701-32", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-32"}, {"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1821-1] phpmyadmin security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:36:29.397Z"}, "title": "CVE Program Container", "references": [{"name": "92489", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92489"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.phpmyadmin.net/security/PMASA-2016-47"}, {"name": "GLSA-201701-32", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-32"}, {"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1821-1] phpmyadmin security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6624", "datePublished": "2016-12-11T02:00:00", "dateReserved": "2016-08-06T00:00:00", "dateUpdated": "2024-08-06T01:36:29.397Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F06DC95-76B1-4E24-A55F-1358A25ED0E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2CA76CB4-6167-446A-8D4F-6D5B38046334", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8D28655-7F37-474D-A4E2-772AF24B94E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1FA1951E-BD85-42BF-BF7F-79A14D165914", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D08BEE8-5ACF-438D-9F06-86C6227C9A5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "58DD0910-DBBA-4858-B9B1-FA93D08323D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "50DA8EBE-52AA-45A5-A5FB-75AF84E415E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DC8D93A3-8997-4EB9-A411-74B296D1341F", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "6E5A81B2-E16F-4AE2-9691-92D3E8A25CCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "0245AF2D-F856-4CAA-A830-36D43026D1E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "00BD9E52-A6BB-48BB-9FEE-D0272AD9B6DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C69E253E-157D-45BA-A977-079A49F74A72", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "6325E2AE-BB86-4953-AA9E-0433C00B096E", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "3C54B828-8B23-4C62-907E-8EE7E757B721", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "02DD18C8-172B-41CD-87DD-58BDEC0D9418", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "10666E30-D98A-47A9-881A-B281066F0EC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "3993826B-CA66-4BC2-8E1B-06CF9230B214", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "14928F51-761E-4FCA-B13C-A11530C7FC46", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB761644-20F5-4E0D-B301-7809EAECA813", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "896439D0-6C98-44A6-8C9D-0D57D57782D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*", "matchCriteriaId": "978B828C-1FCB-4386-B685-5BEE5A8A500C", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*", "matchCriteriaId": "51A3261B-23BE-42D7-8A52-AE2E8C274A3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*", "matchCriteriaId": "F0B7EA51-27EC-4884-8D60-FB9477D2B91A", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*", "matchCriteriaId": "D6C9F2CC-778B-4604-B463-7A1D3FB8B9C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*", "matchCriteriaId": "4B20C44D-0EF1-48F2-B0AA-C8FF0BD9E252", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:*", "matchCriteriaId": "40F85FEC-427E-487D-997E-7EE359475876", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:*", "matchCriteriaId": "2C825978-7E00-4C20-A806-0B968AA589AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.15:*:*:*:*:*:*:*", "matchCriteriaId": "34986C36-1C93-4DA8-A4C2-0CB8B24BAD3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.16:*:*:*:*:*:*:*", "matchCriteriaId": "B744FB8F-C58C-446C-B4B9-53548EBE12D3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "13CD0228-728B-437A-84C1-BD7AFA52FFB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "DFF55485-9892-4E7B-AEE0-017E61EAA7C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6100FE3E-0A31-4B55-90F2-90AF765A8EB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "FBAAC8D9-AAA5-487C-B4AA-84BAE5DB109E", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E06B1D3-29B4-45B7-B81F-C864AF579011", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B2E3923-0E2B-411A-B091-088E6FF050D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "1848C748-804D-4FE4-AB9C-B1BF9E58A19C", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "12296322-DFAD-4B36-83EC-D01BF5DF7F2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA321C14-C8F4-41FC-B601-2F646064ABBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "54DBCF86-0CE8-46C4-B2E7-E3224765CCFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "1BF3DBC5-7020-48D0-ADEA-E71776DB2285", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "317F952E-5F12-4ED3-8FA3-FC1106B50F85", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "87B97F98-C0A7-4D9E-8333-7EE9EC456A12", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "7A1E753D-5653-4D7A-8E41-6C02511EBFCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "417230C7-0EC2-49F4-B810-A8AE84A302AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "103FEAB1-194E-4CEF-935A-4DBCCA298205", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5814003-9FF8-4F8E-9D90-A2BBB80B8451", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "C6D742A8-B9D0-4BC0-8E3E-E0FDCC1083FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "16D28B77-9353-4259-9299-30638A78CCD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "C022292B-6E06-4328-842F-135A872D22AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "F15F00FB-BB9B-4D54-B198-0A74D418B8DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC10AF20-7B65-4FAE-A2AD-783867D60A8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "4EB7190C-0401-4E2E-B15F-4CFC79D5A4E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "4BED20D9-C571-4BC5-9A54-450A364C6E43", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "2A2B646D-DDFC-4CB2-B7F4-0C33AF18D14F", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "9CBF68B2-2BCF-4EEB-8A7C-D83DCAF1AFB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "36B92C51-B51B-4538-8A2A-102881F8024C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C641F362-D37D-47CB-BE6C-36E5F116F844", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "85631B69-7060-42D1-AE24-466BA10EB390", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E62EDC79-47AA-4CED-AB7F-1E4D158EB653", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "C0B800AA-6290-4032-AA17-21025A19C392", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en phpMyAdmin que implicaba una aplicaci\u00f3n incorrecta de las reglas de autenticaci\u00f3n basadas en IP. Cuando phpMyAdmin es utilizado con IPv6 en un entorno de servidor proxy, y el servidor proxy se encuentra en el rango permitido pero el ordenador atacante no est\u00e1 permitido, esta vulnerabilidad puede permitir al ordenador atacante conectar a pesar de las reglas IP. Todas las versiones 4.6.x (anteriores a 4.6.4), versiones 4.4.x (anteriores a 4.4.15.8) y versiones 4.0.x (anteriores a 4.0.10.17) est\u00e1n afectadas."}], "id": "CVE-2016-6624", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-11T02:59:31.927", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92489"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201701-32"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.phpmyadmin.net/security/PMASA-2016-47"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/92489"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.phpmyadmin.net/security/PMASA-2016-47"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}